I am trying to test the connection to my SMTP server and check my incoming ACLs, but I am having trouble. My incoming ACL on the public interface is as follows:
ip access-list extended filterin
 deny ip 192.168.0.0 0.0.255.255 any log-input
 deny ip 10.0.0.0 0.255.255.255 any log-input
 deny ip 172.16.0.0 0.15.255.255 any log-input
 deny ip 127.0.0.0 0.255.255.255 any log-input
 deny ip 220.127.116.11 18.104.22.168 any log-input
 deny ip host 0.0.0.0 any log-input
 deny icmp any any echo log-input
 deny tcp any any eq 23 log-input
 permit icmp any any packet-too-big
 permit icmp any any echo-reply
 permit tcp any host PUBLIC-IP eq 25 log-input
 evaluate packets
 deny ip any any log-input
And I have a static NAT for the PUBLIC IP:
ip nat inside source static PRIVATE-IP-OF-EXCHANGE-SERVER PUBLIC-IP
When I telnet in, I see hits on the ACL denying telnet (X matches) etc. However, when I telnet in:
telnet PUBLIC-IP 25
to test connectivity to my SMTP server, no matches hit the ACL. Does anyone see anything wrong? There are no other hits on ACLs (except for pings when I ping in or out, and the implicit deny).
And when I do a show ip nat translations, it shows the static entry but with no Protocol or Outside IPs. Would those show up?